Kajisight Posted October 1, 2009 ID:136110 Share Posted October 1, 2009 i just ran a quick scan and it found 19 infections, I then ran the scan in the developer mode.Malwarebytes' Anti-Malware 1.41Database version: 2880Windows 5.1.2600 Service Pack 29/30/2009 10:15:29 PMmbam-log-2009-09-30 (22-15-27).txtScan type: Quick ScanObjects scanned: 92798Time elapsed: 1 minute(s), 33 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 17Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\TypeLib\{90f3d7b3-92e7-44ba-b444-6a8e2a3bc375} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\Interface\{4921908c-7090-4d37-a6b3-fc447f08378a} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\Interface\{750fc67c-0311-4391-9864-a2efed49bd28} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\Interface\{f3fc950c-7583-4377-bad8-efbeaa33273c} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]I uploaded the actskin4.ocx file to VirusTotal, here's the link to the results.(Only 1 scanner on VirusTotal found something, it was eSafe that detected "Win32.Flooder.IM.VB." Since just 1 at VT found it, it prolly is a FP?) Link to post Share on other sites More sharing options...
Kajisight Posted October 1, 2009 Author ID:136114 Share Posted October 1, 2009 I just right clicked actskin4.ocx an scanned it with MBAM but it found nothing, why would the quick scan find it but not the manual file scan? Link to post Share on other sites More sharing options...
ceomag Posted October 1, 2009 ID:136119 Share Posted October 1, 2009 I started picking this up today also. I ran a full scan yesterday and nothing, today 15 items and counting. I only visited a few pretty well trusted forums today, so it didn't seem likely, then I checked in here. Since it looked suspicious I aborted and will run in "Developer Mode" as soon as I've posted. Link to post Share on other sites More sharing options...
Kajisight Posted October 1, 2009 Author ID:136121 Share Posted October 1, 2009 I started picking this up today also. I ran a full scan yesterday and nothing, today 15 items and counting. I only visited a few pretty well trusted forums today, so it didn't seem likely, then I checked in here. Since it looked suspicious I aborted and will run in "Developer Mode" as soon as I've posted.Thank you so much for replying, knowing I'm not the only one made me feel better. Anytime a scan picks up something my heart skips a beat lol. Link to post Share on other sites More sharing options...
rriso Posted October 1, 2009 ID:136130 Share Posted October 1, 2009 Hello,I am getting somewhat similar results.Malwarebytes' Anti-Malware 1.41Database version: 2880Windows 5.1.2600 Service Pack 39/30/2009 9:06:01 PMmmmmbam-log-2009-09-30 (21-05-47).txtScan type: Quick ScanObjects scanned: 85999Time elapsed: 3 minute(s), 40 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 10Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922069686919676822142521252614212566701425261871142617682567197118267122239413014739]HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922219681718662423141826701914216622171466702566142025717167686871261825199413014739]HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922423197068211926141866226914216667251425212166142666222219701819211869669413014739]HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926622172370712525142670716814212219191467717018146625702525236623216925179413014739]HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926725242426266671141968702614216966661426206871142322711717191720222023269413014739]HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926767682420682621142020246814212068681467221968142018706726716620211718209413014739]HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926821172371251823142018256914217124691425186867146766262068662467241769229413014739]HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926922171969216620141720702314217066701466182170142326231723686623202120179413014739]HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301927068191924241769142020212014216822231425662569142070222317212422712322229413014739]Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)(I exited out of the program since i was not sure if this was a fp or not, so I did not apply any action) Link to post Share on other sites More sharing options...
JonPaulOnLine Posted October 1, 2009 ID:136133 Share Posted October 1, 2009 I have same concern following the scheduled scan within the past hour Link to post Share on other sites More sharing options...
JonPaulOnLine Posted October 1, 2009 ID:136134 Share Posted October 1, 2009 I have same concern following the scheduled scan within the past hourMalwarebytes' Anti-Malware 1.41Database version: 2880Windows 5.1.2600 Service Pack 310/1/2009 12:10:45 AMmbam-log-2009-10-01 (00-10-34).txtScan type: Quick ScanObjects scanned: 92163Time elapsed: 6 minute(s), 19 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 10Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
JonPaulOnLine Posted October 1, 2009 ID:136136 Share Posted October 1, 2009 I have same concern following the scheduled scan within the past hourI have never had an infection in years. and the only change to my system was the install of microsoft security essentials anti virus program , a couple of hours ago Link to post Share on other sites More sharing options...
ceomag Posted October 1, 2009 ID:136142 Share Posted October 1, 2009 Here's the log from the Developer Mode run:Malwarebytes' Anti-Malware 1.41Database version: 2880Windows 5.1.2600 Service Pack 310/1/2009 12:48:33 AMmbam-log-2009-10-01 (00-48-25).txtScan type: Full Scan (C:\|)Objects scanned: 243893Time elapsed: 1 hour(s), 11 minute(s), 58 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 13Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739] Link to post Share on other sites More sharing options...
JonPaulOnLine Posted October 1, 2009 ID:136147 Share Posted October 1, 2009 I have never had an infection in years. and the only change to my system was the install of microsoft security essentials anti virus program , a couple of hours agoDid some research . These potential FP's developed out of the past download of MBAM definitions.I tested by performing a system restore to 7 hours ago, then ran a new MBAN scan.. and No registry items were flagged as suspiciousHmmm Link to post Share on other sites More sharing options...
JonPaulOnLine Posted October 1, 2009 ID:136148 Share Posted October 1, 2009 Did some research . These potential FP's developed out of the past download of MBAM definitions.I tested by performing a system restore to 7 hours ago, then ran a new MBAN scan.. and No registry items were flagged as suspiciousHmmmMalwarebytes' Anti-Malware 1.41Database version: 2878Windows 5.1.2600 Service Pack 310/1/2009 1:33:42 AMmbam-log-2009-10-01 (01-33-42).txtScan type: Quick ScanObjects scanned: 92294Time elapsed: 8 minute(s), 10 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
JonPaulOnLine Posted October 1, 2009 ID:136149 Share Posted October 1, 2009 could it be in Database version: 2879orDatabase version: 2880 Link to post Share on other sites More sharing options...
MESURF4 Posted October 1, 2009 ID:136176 Share Posted October 1, 2009 could it be in Database version: 2879orDatabase version: 2880 I had this same issue and it seems to be in my case connected to AVAST Antivirus ( Free Version 4.8) as after removal with Malwarebytes I went to open avast and it created an error related specifically to the actskin 4.ocxHope this HelpsBoth my computers have AVAST both had the same Exact # of files same name same everythingALOHA Link to post Share on other sites More sharing options...
nmb Posted October 1, 2009 ID:136177 Share Posted October 1, 2009 Exactly the same problem here.I updated today(Thursday 1st oct 11:45 am IST).Malwarebytes' Anti-Malware 1.41Database version: 2881Windows 5.1.2600 Service Pack 310/1/2009 11:58:26 AMmbam-log-2009-10-01 (11-56-06).txtScan type: Quick ScanObjects scanned: 88851Time elapsed: 55 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 17Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\TypeLib\{90f3d7b3-92e7-44ba-b444-6a8e2a3bc375} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\Interface\{4921908c-7090-4d37-a6b3-fc447f08378a} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\Interface\{750fc67c-0311-4391-9864-a2efed49bd28} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\Interface\{f3fc950c-7583-4377-bad8-efbeaa33273c} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.what next? Link to post Share on other sites More sharing options...
nmb Posted October 1, 2009 ID:136179 Share Posted October 1, 2009 and here is the mbam.exe /developer logmbam_log_2009_10_01__12_04_20_.txt Link to post Share on other sites More sharing options...
joe53 Posted October 1, 2009 ID:136180 Share Posted October 1, 2009 Malwarebytes' Anti-Malware 1.41Database version: 2881Windows 5.1.2600 Service Pack 301/10/2009 2:33:21 AMmbam-log-2009-10-01 (02-33-15).txtScan type: Quick ScanObjects scanned: 109823Time elapsed: 2 minute(s), 40 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 10Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
ceomag Posted October 1, 2009 ID:136181 Share Posted October 1, 2009 I had this same issue and it seems to be in my case connected to AVAST Antivirus ( Free Version 4.8) as after removal with Malwarebytes I went to open avast and it created an error related specifically to the actskin 4.ocxHope this HelpsBoth my computers have AVAST both had the same Exact # of files same name same everythingALOHAYep. I've got Avast! and it won't open. Link to post Share on other sites More sharing options...
nmb Posted October 1, 2009 ID:136185 Share Posted October 1, 2009 I too have avast installed. I know its a false positive for sure and will not remove those infections until I have heard something from the mbam guys. Link to post Share on other sites More sharing options...
joe53 Posted October 1, 2009 ID:136188 Share Posted October 1, 2009 No avast here.mbam_log_2009_10_01__02_51_17_.txt Link to post Share on other sites More sharing options...
nmb Posted October 1, 2009 ID:136189 Share Posted October 1, 2009 No avast here.the actskin4.ocx belongs to avast and so avast will not start if that file is removed. Link to post Share on other sites More sharing options...
ceomag Posted October 1, 2009 ID:136191 Share Posted October 1, 2009 Restored the items from quarantine and Avast! starts up fine. The user interface for Avast! is "skinnable" -- I assume that they use a package from a third party. Link to post Share on other sites More sharing options...
rriso Posted October 1, 2009 ID:136203 Share Posted October 1, 2009 Hello,Posted earlier on this issue.Just wanted to state that I have AVG, paid version.Thank You.Malwarebytes' Anti-Malware 1.41Database version: 2880Windows 5.1.2600 Service Pack 39/30/2009 9:06:01 PMmmmmbam-log-2009-09-30 (21-05-47).txtScan type: Quick ScanObjects scanned: 85999Time elapsed: 3 minute(s), 40 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 10Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922069686919676822142521252614212566701425261871142617682567197118267122239413014739]HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922219681718662423141826701914216622171466702566142025717167686871261825199413014739]HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922423197068211926141866226914216667251425212166142666222219701819211869669413014739]HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926622172370712525142670716814212219191467717018146625702525236623216925179413014739]HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926725242426266671141968702614216966661426206871142322711717191720222023269413014739]HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926767682420682621142020246814212068681467221968142018706726716620211718209413014739]HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926821172371251823142018256914217124691425186867146766262068662467241769229413014739]HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301926922171969216620141720702314217066701466182170142326231723686623202120179413014739]HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301927068191924241769142020212014216822231425662569142070222317212422712322229413014739]Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Guest Posted October 1, 2009 ID:136221 Share Posted October 1, 2009 Dear Forum,I have almost exactly the same results. Please tell me this is a false positive? Best wishes,Newbi3Malwarebytes' Anti-Malware 1.41Database version: 2881Windows 5.1.2600 Service Pack 31/10/2009 09:46:51 AMmbam-log-2009-10-01 (10-46-46).txtScan type: Quick ScanObjects scanned: 112197Time elapsed: 7 minute(s), 59 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 17Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\TypeLib\{90f3d7b3-92e7-44ba-b444-6a8e2a3bc375} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\Interface\{4921908c-7090-4d37-a6b3-fc447f08378a} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\Interface\{750fc67c-0311-4391-9864-a2efed49bd28} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\Interface\{f3fc950c-7583-4377-bad8-efbeaa33273c} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739]Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken. [40544237305383807566791534727079851301922025201820201870141769181814212418231425241869142325712067181869192068269413014739] Link to post Share on other sites More sharing options...
nosirrah Posted October 1, 2009 ID:136273 Share Posted October 1, 2009 This should be fixed now . Link to post Share on other sites More sharing options...
YoKenny1 Posted October 1, 2009 ID:136277 Share Posted October 1, 2009 I just updated to 2882 and still getting the 19 items detected Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now